Android users beware! Indian banks targeted by new malware

Last updated on: January 07, 2018 12:07 IST

Being distributed through a fake Flash Player app, the malware is designed for stealing login credentials, hijacking SMSs, uploading contact lists and SMSs to malicious servers, reports Romita Majumdar.

An Android banking Trojan/malware that targets around 200 apps, including those offered by Indian banks has been detected, prompting security researchers and banks to alert consumers.

The malware is designed for stealing login credentials, hijacking SMSs, uploading contact lists and SMSs to malicious servers by displaying a fake overlay screen on top of legitimate apps to capture user inputs, said software security firm QuickHeal in a post on Saturday.

"Do not download and install applications from untrusted sources offered via unknown website links on unscrupulous messages," said Canara Bank in a note to users.

While the malware has been successfully detected, there is no immediate mention of any known occurrences of misuse so far.

Android.banker.A2f8a is being distributed through a fake Flash Player app on third-party stores. This is not surprising, said QuickHeal, given that Adobe Flash is one of the most widely distributed products on the internet and because of its popularity and global install base, it is often targeted by attackers.

The malicious app shows fake notifications on behalf of the original app and when users click on the fake notification, they are directed to enter their login credentials into a fake login page.

The malware has targeted banking apps of Axis Bank, HDFC, ICICI, IDBI and Union Bank, among others, says the blog.

The malware has also targeted a number of cryptocurrency apps like Bitcoinium, Bitcoin Wallet, BTC Safari and Bitfinex apart from many others.

A number of international banking and payment apps are also listed like ING Australia Banking, Citibank Australia, Citi Mobil UK, Singapore Digital Banking and PayPal Mobile and Amazon for Tablets.

The malware can intercept messages from incoming and outgoing messages and bypass SMS-based two-factor authentication on the victim's bank account. It can suppress the device's ringer volume to prevent the user being alerted about SMSs.

Quick Heal has warned users that there is no official Adobe Flash Player available on the Google Play Store.

Adobe had also announced that it will stop updating and distributing Flash Player by the end of 2020 in all formats of the browser.